Apple makes welcome change to ‘Big Sur’ security for Macs

When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system’s security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong?

For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple’s own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn’t in tune with Apple’s traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

Because they were included on the ContentFilterExclusionList, Apple apps could access the Internet to gain Gatekeeper privileges while other applications could not, posing a potential security challenge.

It was subsequently shown that this protection could be subverted to give apps — including malware — similar special powers. Rogue applications could be running in the background, bypassing Gatekeeper protection, even when the user believed their Mac was protected by a firewall.

This exploit wasn’t especially trivial, and it constituted a security threat.

If you are running the current public version of Big Sur, you can see the list for yourself in the file /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist; just look for “ContentFilterExclusionList.”
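One way to script that check, as an added example that is not part of the original article: it parses the Info.plist named above and reports whether the ContentFilterExclusionList key is still present and what it contains. The helper names, the assumption that the key holds a list of strings, and the placeholder sample entries are constructed for illustration.

```python
import plistlib
from pathlib import Path

# File path and key name as given in the article.
PLIST_PATH = Path("/System/Library/Frameworks/NetworkExtension.framework"
                  "/Versions/Current/Resources/Info.plist")
KEY = "ContentFilterExclusionList"

# Constructed samples (placeholder entries, not Apple's real list).
SAMPLE_WITH_LIST = plistlib.dumps({
    "CFBundleName": "NetworkExtension",
    KEY: ["/placeholder/ExampleApp", "/placeholder/example-daemon"],
})
SAMPLE_WITHOUT_LIST = plistlib.dumps({"CFBundleName": "NetworkExtension"})


def find_key(node, key):
    """Depth-first search of a parsed plist; returns the key's value or None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None


def exclusion_entries(plist_bytes):
    """Return the exclusion entries; an empty list means the key is absent or empty."""
    value = find_key(plistlib.loads(plist_bytes), KEY)
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


if __name__ == "__main__":
    # Use the real file on a Mac; fall back to the constructed sample elsewhere.
    data = PLIST_PATH.read_bytes() if PLIST_PATH.exists() else SAMPLE_WITH_LIST
    entries = exclusion_entries(data)
    print(f"{KEY}: {len(entries)} entries" if entries else f"{KEY}: not present")
    for entry in entries:
        print("  excluded from content filters:", entry)
```

An empty result on a given build means content filters and firewalls built on the new extension framework are no longer bypassed by a system-level exclusion list.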

What has changed?

Apple has fixed this problem in its latest public beta, as noted by Patrick Wardle. The company has removed the ContentFilterExclusionList from macOS 11.2 Big Sur beta 2, which means firewalls and activity filters can now monitor the behavior of Apple’s apps, and also reduces the potential attack surface.

We know why Apple attempted this. When the company removed support for kernel extensions (kexts) from Macs, it also built a new architecture to support extensions that relied on kexts.

However, it also chose to make its own apps exempt from these frameworks, which is why software that relied on the new extensions architecture couldn’t spot or block the traffic they generated.

Why might it make sense?

I can imagine some reasons it might make sense for some Apple applications to be enabled to run in some kind of super-secret mode. Specifically, I’m thinking about FindMy and how useful that might be if left to run surreptitiously on a lost or stolen Mac. But even in that instance, it seems more appropriate (and far more in tune with Apple’s growing stance on privacy and user control) to give users control of that interaction, perhaps with something like a “run secretly in the background and resist firewalls” button.

In the future, as Apple moves toward mesh-based coverage, particularly for Find My, the challenge engineers will need to solve is how to enable traffic — finding other Apple devices or sharing information about their location, for example — to safely and securely be maintained as a discrete background process without generating additional user friction (security messages) and maintaining privacy and security across the chain.

I’ve a feeling this may have been an attempt in that direction, but the fact it could be subverted to penetrate Mac security is unsustainable. I’m sure Apple will be seeking better solutions to such conundra.

When will Big Sur be updated?

The current edition of Big Sur hasn’t yet deployed this fix, but the fact that it is now available within the latest public beta suggests it will ship more widely in the next couple of weeks.

When it arrives, it also introduces another useful layer of protection for M1 Macs, which will no longer be able to side load potentially unapproved iOS apps as the capacity to bypass the firewall will have been removed.

Copyright © 2021 Softwaretoolapps, Inc.
